1. Field of the Invention
The present disclosure relates to a system, method and article for protecting microprocessor integrated circuits against attacks by error injection.
2. Description of the Related Art
In recent years, the techniques of hacking secured microprocessor integrated circuits (i.e., microprocessors, microcontrollers, microprocessor memories . . . ) have developed considerably. The most advanced hacking methods currently involve injecting errors at determined points of an integrated circuit during the execution of so-called sensitive operations, such as authentication operations or operations of executing a cryptography algorithm for example. Such attacks by error injection, also referred to as attacks by fault injection, can enable, in combination with mathematical models, the structure of a cryptography algorithm and/or the secret keys it uses to be deduced. The fault injection can be done in various ways, by introducing glitches into the supply voltage of the integrated circuit, by introducing glitches into the clock signal of the integrated circuit, by exposing the integrated circuit to radiations, etc.
Thus, the detection of error injections is considered to be a measure to provide a high level of security to certain integrated circuits, particularly integrated circuits for smart cards.
A method for monitoring the execution of a program is disclosed in EP 1,161,725, which involves producing cumulative signatures that vary according to the instruction codes that run in the instruction register of a microprocessor. Such a method enables a derailment of the program being executed, particularly due to an error injection, to be detected. However, one type of attack against which a microprocessor integrated circuit must be protected is the injection of error into the data supplied to a peripheral element, particularly a cryptographic calculation block (which is generally integrated onto the same silicon microchip as the microprocessor). Now, monitoring the proper execution of a sequence of instruction codes does not enable such an attack to be detected, since the program is executed normally as far as the value and the succession of the instruction codes in the instruction register are concerned. Thus, this monitoring method does not enable an injection of errors into the data paths or even into control signals of the microprocessor to be detected.